Privacy Policy

1. Overview

At PageDrop, we take your privacy seriously. This Privacy Policy explains how we collect, use, and protect your information when you use our service for sharing HTML content, particularly AI-generated content from ChatGPT, Claude, and other Large Language Models.

Our Privacy Commitment:

• No user accounts or personal information required
• No tracking cookies or analytics on shared content
• Automatic content deletion based on your settings
• No sale or sharing of user data
• Minimal data collection for service operation only

2. Information We Collect

Content You Upload

HTML content you upload or paste
Optional file names you provide
Custom URL paths you create
Password protection settings (passwords are hashed)
Expiration preferences (TTL settings)

Technical Information

The following information is collected automatically when you use PageDrop:

IP address (for rate limiting and abuse prevention)
Browser type and version (for compatibility)
Upload and access timestamps
Content access counts (for one-time read functionality)
Geolocation derived from IP (country/region level only)

Security Information (Device Identification)

For security purposes only, we create a unique identifier from your browser and device characteristics to protect users from malicious actors and prevent abuse.

Visitors are identified by a hash created from browser and device information. This identifier persists across sessions to track repeat violations, but does not enable cross-site tracking or personal identification.

Important: These identifiers are hashed and used exclusively to prevent abuse and block repeat violators. We do NOT use them for advertising, analytics, or tracking across other websites.

What We DON'T Collect

• No personal information (name, email, phone)
• No user accounts or profiles
• No tracking across other websites
• No behavioral analytics on shared content
• No location data beyond IP-based rate limiting

3. How We Use Your Information

We use collected information solely to:

Provide the Service: Store and serve your HTML content as requested
Security: Prevent abuse, spam, and malicious content
Rate Limiting: Ensure fair access for all users
Content Moderation: Screen for prohibited content
Technical Operations: Maintain service performance and reliability
Actor Tracking: Identify and block repeat violators using device identifiers and IP addresses
Threat Prevention: Maintain blocklists of malicious content hashes, IPs, and device identifiers

How We Use Device Identifiers:

• Track repeat offenders across sessions
• Implement progressive blocking for malicious uploads
• Prevent re-uploading of confirmed malicious content
• Maintain security without requiring user accounts

Identifiers are stored as cryptographic hashes (not reversible) and automatically deleted after 90 days. Blocklisted identifiers may be retained longer for security purposes.

We DO NOT:

• Sell or rent your data to third parties
• Use your content for training AI models
• Share your data for marketing purposes
• Index your content in search engines
• Store content longer than your specified TTL
• Use device identifiers for advertising or cross-site tracking
• Share device identifiers with third parties (except as legally required)

4. Cookies and Tracking

Minimal Cookie Usage:

We use minimal essential cookies only for basic functionality like theme preferences. No tracking or advertising cookies are used.

Types of Cookies

Essential Cookies: Required for basic site functionality (theme settings)
Security Cookies: Used for rate limiting and abuse prevention
No Analytics Cookies: We don't use Google Analytics or similar tracking
No Advertising Cookies: We don't serve ads or use ad networks

When you access shared content, we clear browser storage, cache, and cookies before rendering to protect your privacy and security.

5. Data Sharing and Third Parties

We do not sell, trade, or share your personal data. Limited sharing occurs only in these cases:

Service Providers

Cloud hosting and database providers - only for technical service delivery

Legal Requirements

When required by law, court order, or to protect our rights and safety

All service providers are contractually bound to protect your data and use it only for providing the PageDrop service.

6. Data Security

We implement enterprise-grade security measures:

Infrastructure Security

• HTTPS encryption for all data transmission
• Database encryption at rest and in transit
• Regular security audits and updates
• Isolated content rendering with security headers

Data Protection

• Industry-standard password hashing (never plain text)
• Automatic content deletion per TTL settings
• Input validation and sanitization
• Rate limiting and abuse prevention

While we use industry-standard security measures, no method of transmission over the Internet is 100% secure. Use password protection for sensitive content.

7. Data Retention

Your content is automatically deleted based on your chosen settings:

Content Retention

1 hour to 30 days based on your TTL selection, or immediately after first read

Technical Logs

Minimal logs retained for 30 days for security and performance monitoring

Security Data (Device Identifiers)

Device identifiers and actor profiles retained for 90 days, then automatically deleted (unless blocklisted)

Blocklists

Malicious content hashes, blocked IPs, and device identifiers retained permanently or until appeal

We may retain some data longer if required by law or for legitimate business purposes (security, fraud prevention), but personal data is minimized and anonymized when possible.

8. International Data Transfers

PageDrop is hosted on global cloud infrastructure. Your data may be processed in various countries to provide optimal performance. All transfers comply with applicable data protection laws.

EU Users: We take steps to ensure adequate protection for personal data transferred outside the EU, including using standard contractual clauses where applicable.

9. Your Rights

Depending on your location, you may have the following rights:

Access: Request information about data we hold about you
Correction: Request correction of inaccurate data
Deletion: Request deletion of your data (subject to legal requirements)
Portability: Request a copy of your data in a portable format
Objection: Object to processing of your data for certain purposes

Regarding Device Identifiers:

• You can request information about identifier data associated with your uploads
• Identifiers are automatically deleted after 90 days
• If blocked, you can appeal by contacting support with details
• We cannot delete identifiers if required to maintain security blocklists

Note: Since we don't require accounts or collect extensive personal data, many of these rights may not apply. Contact us to discuss your specific situation.

10. Children's Privacy

PageDrop is not intended for children under 13 years of age.

We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us immediately.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be posted on this page with an updated "Last modified" date. Significant changes will be communicated through the service or other appropriate means.

Your continued use of PageDrop after changes to this policy constitutes acceptance of the updated policy.

12. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact us:

Email: support@pagedrop.io

We respond to privacy inquiries within 48 hours during business days.

13. Data Breach Notification

In the unlikely event of a data breach that affects your personal information, we will:

Notify affected users within 72 hours when possible
Provide clear information about what data was affected
Explain steps we're taking to resolve the issue
Offer guidance on protective measures you can take
Comply with all applicable breach notification laws

This Privacy Policy is effective as of the date listed above and governs our collection, use, and disclosure of your information when you use PageDrop.